Navigate

CCI-001063

CCI-001063 Definition

The organization updates the information system vulnerabilities scanned on an organization-defined frequency, prior to a new scan, and/or when new vulnerabilities are identified and reported.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed will update the list of information system vulnerabilities scanned for prior to running scans. The organization must maintain a record of scans including the list of vulnerabilities scanned for. DoD has defined the frequency as prior to running scans.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the record of scans to ensure the latest most up to date scanning policies are present.

Compelling Evidence

1.) Documentation that scanning tool being used is up to date.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001063.

Control	Description
RA-5 (2)	The organization updates the information system vulnerabilities scanned [Selection (one or more): [Assignment: organization-defined frequency]; prior to a new scan; when new vulnerabilities are identified and reported].